services:
  postgres:
    container_name: gitea-postgres
    image: docker.io/postgres:16.2-alpine
    restart: unless-stopped
    env_file: .env
    networks:
      - backend
    volumes:
      - /opt/gitea/postgres-data:/var/lib/postgresql/data:z
    security_opt:
      - no-new-privileges:true

  gitea:
    container_name: gitea
    image: docker.io/gitea/gitea:1.23
    env_file: .env
    restart: unless-stopped
    networks:
      - backend
      - proxy
    volumes:
      - /home/git/.ssh:/data/git/.ssh # ssh pass-through from host.
      - ${DATA_MNT}:/data
    ports:
      - "3000:3000"
      - "2222:22" # ssh port for git://
    depends_on:
      - postgres
    security_opt:
      - no-new-privileges:true
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

networks:
  proxy:
    external: true
  backend:
    external: true